EVE Has Partially Predetermined Vault Key

Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...

EVE Doesn't Protect Rootfs

Impact Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measure boot and remote...

Security update for curl

This update for curl fixes the following issues: Update to 8.12.1: Bugfixes: asyn-thread: fix build with 'CURLDISABLESOCKETPAIR' asyn-thread: fix HTTPS RR crash asyn-thread: fix the returned bitmask from Curlresolvergetsock asyn-thread: survive a c-ares channel set to NULL cmake: always reference...

UBUNTU-CVE-2025-27148

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

PT-2025-7918 · Gradle +1 · Gradle +1

Name of the Vulnerable Software and Affected Versions: net.rubygrapefruit:native-platform versions prior to 0.22-milestone-28 Gradle version 8.12 Description: The issue concerns a local privilege escalation vulnerability in the Gradle build automation tool, specifically in its native-platform...

Kibana 8.12.1 Security Update (ESA-2024-01)

Kibana Broken Access Control issue ESA-2024-01 An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security DLS or Field-level security FLS when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API...

CVE-2023-0081

The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Cross site scripting

The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0081

The CVE-2023-0081 entry concerns the MonsterInsights WordPress plugin (versions before 8.12.1). Affected component: block options used in embedded blocks. Root cause: lack of validation/escaping for certain block options before they are output to pages/posts, enabling Stored Cross-Site Scripting ...

Tenable Nessus < 8.12.1 Privilege Escalation Vulnerability (TNS-2020-08)

A vulnerability in Nessus versions 8.9.0 through 8.12.0 could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to...